aboutsummaryrefslogtreecommitdiff
path: root/security/selinux/nlmsgtab.c
AgeCommit message (Collapse)Author
2006-03-25Merge branch 'audit.b3' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current * 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits) [PATCH] fix audit_init failure path [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format [PATCH] sem2mutex: audit_netlink_sem [PATCH] simplify audit_free() locking [PATCH] Fix audit operators [PATCH] promiscuous mode [PATCH] Add tty to syscall audit records [PATCH] add/remove rule update [PATCH] audit string fields interface + consumer [PATCH] SE Linux audit events [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL [PATCH] Fix IA64 success/failure indication in syscall auditing. [PATCH] Miscellaneous bug and warning fixes [PATCH] Capture selinux subject/object context information. [PATCH] Exclude messages by message type [PATCH] Collect more inode information during syscall processing. [PATCH] Pass dentry, not just name, in fsnotify creation hooks. [PATCH] Define new range of userspace messages. [PATCH] Filter rule comparators ... Fixed trivial conflict in security/selinux/hooks.c
2006-03-20[IPSEC]: Sync series - update selinuxJamal Hadi Salim
Add new netlink messages to selinux framework Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-03-20[PATCH] audit string fields interface + consumerAmy Griffis
Updated patch to dynamically allocate audit rule fields in kernel's internal representation. Added unlikely() calls for testing memory allocation result. Amy Griffis wrote: [Wed Jan 11 2006, 02:02:31PM EST] > Modify audit's kernel-userspace interface to allow the specification > of string fields in audit rules. > > Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)
2006-03-20[PATCH] Define new range of userspace messages.Steve Grubb
The attached patch updates various items for the new user space messages. Please apply. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-08-29[SELINUX]: Update for tcp_diag rename to inet_diag.James Morris
Also, support dccp sockets. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2005-06-18[NETLINK]: Neighbour table configuration and statistics via rtnetlinkThomas Graf
To retrieve the neighbour tables send RTM_GETNEIGHTBL with the NLM_F_DUMP flag set. Every neighbour table configuration is spread over multiple messages to avoid running into message size limits on systems with many interfaces. The first message in the sequence transports all not device specific data such as statistics, configuration, and the default parameter set. This message is followed by 0..n messages carrying device specific parameter sets. Although the ordering should be sufficient, NDTA_NAME can be used to identify sequences. The initial message can be identified by checking for NDTA_CONFIG. The device specific messages do not contain this TLV but have NDTPA_IFINDEX set to the corresponding interface index. To change neighbour table attributes, send RTM_SETNEIGHTBL with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3], NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked otherwise. Device specific parameter sets can be changed by setting NDTPA_IFINDEX to the interface index of the corresponding device. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-18AUDIT: Treat all user messages identically.David Woodhouse
It's silly to have to add explicit entries for new userspace messages as we invent them. Just treat all messages in the user range the same. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-05-13AUDIT: Add message types to audit recordsSteve Grubb
This patch adds more messages types to the audit subsystem so that audit analysis is quicker, intuitive, and more useful. Signed-off-by: Steve Grubb <sgrubb@redhat.com> --- I forgot one type in the big patch. I need to add one for user space originating SE Linux avc messages. This is used by dbus and nscd. -Steve --- Updated to 2.6.12-rc4-mm1. -dwmw2 Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-05-06The attached patch addresses the problem with getting the audit daemon Steve Grubb
shutdown credential information. It creates a new message type AUDIT_TERM_INFO, which is used by the audit daemon to query who issued the shutdown. It requires the placement of a hook function that gathers the information. The hook is after the DAC & MAC checks and before the function returns. Racing threads could overwrite the uid & pid - but they would have to be root and have policy that allows signalling the audit daemon. That should be a manageable risk. The userspace component will be released later in audit 0.7.2. When it receives the TERM signal, it queries the kernel for shutdown information. When it receives it, it writes the message and exits. The message looks like this: type=DAEMON msg=auditd(1114551182.000) auditd normal halt, sending pid=2650 uid=525, auditd pid=1685 Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-05-01[PATCH] SELinux: add finer grained permissions to Netlink audit processingJames Morris
This patch provides finer grained permissions for the audit family of Netlink sockets under SELinux. 1. We need a way to differentiate between privileged and unprivileged reads of kernel data maintained by the audit subsystem. The AUDIT_GET operation is unprivileged: it returns the current status of the audit subsystem (e.g. whether it's enabled etc.). The AUDIT_LIST operation however returns a list of the current audit ruleset, which is considered privileged by the audit folk. To deal with this, a new SELinux permission has been implemented and applied to the operation: nlmsg_readpriv, which can be allocated to appropriately privileged domains. Unprivileged domains would only be allocated nlmsg_read. 2. There is a requirement for certain domains to generate audit events from userspace. These events need to be collected by the kernel, collated and transmitted sequentially back to the audit daemon. An example is user level login, an auditable event under CAPP, where login-related domains generate AUDIT_USER messages via PAM which are relayed back to auditd via the kernel. To prevent handing out nlmsg_write permissions to such domains, a new permission has been added, nlmsg_relay, which is intended for this type of purpose: data is passed via the kernel back to userspace but no privileged information is written to the kernel. Also, AUDIT_LOGIN messages are now valid only for kernel->user messaging, so this value has been removed from the SELinux nlmsgtab (which is only used to check user->kernel messages). Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-16[PATCH] SELinux: fix bug in Netlink message type detectionJames Morris
This patch fixes a bug in the SELinux Netlink message type detection code, where the wrong constant was being used in a case statement. The incorrect value is not valid for this class of object so it would not have been reached, and fallen through to a default handler for all Netlink messages. Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-16Linux-2.6.12-rc2Linus Torvalds
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!